It seems that the process is not that bad (even though your description does look a lot worse). Subscribe to the Microsoft Security Bulletins and they have a full description of each patch that they put out on Patch Tuesday (e.g., https://technet.microsoft.com/...). The same goes with RHSA. Subscribe to the updates that you are interested in; these will most likely be your OS, web servers, app servers, other software installed. Similarly, most vendors run security patch announcements. There will likely be a lot of noise but in a couple of months you will know how to extract the information the change advisory board needs.
Here's the positive aspect of CAB: if you screw something up, you have someone else to blame! ;-)

By the time they fix the clock, it'd be 100 days and the clock would be slower by 100 days! Then they'll try to fix again and the clock would be slower by 100 days again!....ad infinitum...
Better to break that cycle by not embarking on this journey!

msm1267 writes with an excerpt from Threatpost: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success."
Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
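
The rate limiting mentioned above can be sketched as a per-source token bucket, shown here as an added example that is not from the story or from any resolver's code. The class name, the /24 grouping, the rate and burst values, and the event list (documentation-range addresses, constructed sizes) are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

class ResponseRateLimiter:
    """Token bucket per (claimed source /24, query name). Hypothetical sketch."""
    def __init__(self, rate_per_sec, burst):
        self.rate, self.burst = rate_per_sec, burst
        self.buckets = {}  # key -> (tokens, timestamp of last query)

    def allow(self, now, src_ip, qname):
        # Group by /24 so an attacker cannot dodge the limit by rotating
        # spoofed addresses inside the victim's network.
        prefix = ipaddress.ip_network(f"{src_ip}/24", strict=False)
        key = (prefix, qname.lower())
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

def bytes_sent_per_source(events, limiter=None):
    """Total response bytes the resolver emits toward each claimed source."""
    sent = defaultdict(int)
    for now, src_ip, qname, resp_size in events:
        if limiter is None or limiter.allow(now, src_ip, qname):
            sent[src_ip] += resp_size
    return dict(sent)

def constructed_events():
    """Constructed sample traffic: (timestamp, claimed source, qname, response bytes)."""
    events = []
    for i in range(2000):  # 10 s of 200 qps claiming the victim's address
        events.append((i / 200.0, "203.0.113.10", "example.test", 3000))
    for i in range(10):    # an ordinary client asking once per second
        events.append((float(i), "198.51.100.7", "www.example.test", 120))
    return sorted(events)

if __name__ == "__main__":
    events = constructed_events()
    print("unlimited:", bytes_sent_per_source(events))
    print("limited:  ", bytes_sent_per_source(events, ResponseRateLimiter(5, 5)))
```

The limiter does not authenticate the source; it only caps how much reflected traffic the resolver will send toward any one claimed prefix, while the ordinary client's queries are all still answered.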

If they use some kind of domain administrator passwords for this software to run, guess what: the domain administrator credentials could be cached in every single computer. If a local administrator was on the machine and wanted to compromise, he/she could run hash stealing software when this "process" runs and compromise the domain.
The least possible privileges for a process that does this data searching will be difficult to determine. A trade-off will have to be made between accessibility of files and a lesser privileged account to be used for an exercise like this on Windows.

The credit card companies and banks are wanting to shift the residual risk to the customers. That's why they want you to pay for "SafeProtect" etc., for which you have to pay in advance so they monitor any ID thefts. My question is: shouldn't they already be doing that? If yes, then why do they want you to pay for it? Cost reduction, in my humble opinion.

Well...he got the money from a by-product of a fringe benefit of the hack (Hack -> useful information (insider info) -> steal). Would a similar argument be applicable if he was able to siphon money from individuals' accounts had he gained some passwords (Hack -> useful information (passez) -> steal)? I wouldn't think so. Agreed, that he was not an insider so he can't be convicted for insider trading...but there should have been at least one more lawsuit going against him!

An anonymous coward writes "MySQL, purveyor of the open-source database of the same name, is on the road to becoming a publicly traded company, bolstered by $50 million in revenue in 2006. "It's still in the pipeline," Chief Executive Marten Mickos said of the plan to hold an initial public offering of his company's stock. He declined to discuss when the company planned to go public, but said, "We're making good progress, doing all the things we need to get done.""